Sandbox (computer security) explained

In computer security, a sandbox is a security mechanism for separating running programs, usually in an effort to mitigate system failures and/or software vulnerabilities from spreading. The sandbox metaphor derives from the concept of a child's sandbox—a play area where kids can build, destroy, and experiment without causing any real-world damage.[1] It is often used to execute untested or untrusted programs or code, possibly from unverified or untrusted third parties, suppliers, users or websites, without risking harm to the host machine or operating system.[2] A sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as storage and memory scratch space. Network access, the ability to inspect the host system, or read from input devices are usually disallowed or heavily restricted.

In the sense of providing a highly controlled environment, sandboxes may be seen as a specific example of virtualization. Sandboxing is frequently used to test unverified programs that may contain a virus or other malicious code without allowing the software to harm the host device.[3]

Implementations

A sandbox is implemented by executing the software in a restricted operating system environment, thus controlling the resources (e.g. file descriptors, memory, file system space, etc.) that a process may use.[4]

Examples of sandbox implementations include the following:

Some of the use cases for sandboxes include the following:

See also

External links

Notes and References

  1. Web site: 2023-09-13 . What Is a Sandbox Environment? - Meaning Proofpoint UK . 2024-05-28 . Proofpoint . en-gb.
  2. Web site: A Secure Environment for Untrusted Helper Applications (Confining the Wily Hacker). Ian . Goldberg . David . Wagner . Randi . Thomas . Eric . Brewer . amp . Proceedings of the Sixth USENIX UNIX Security Symposium. 1996. 25 October 2011.
  3. Web site: Geier . Eric . How to Keep Your PC Safe With Sandboxing . TechHive . 2012-01-16 . 2014-07-03 . 2014-07-12 . https://web.archive.org/web/20140712130329/http://www.techhive.com/article/247416/how_to_keep_your_pc_safe_with_sandboxing.html . dead .
  4. Web site: Sandboxing Applications. 2001. 7 May 2013.
  5. Web site: Application Sandbox - Android Open Source Project. 2021-04-02.
  6. Web site: About App Sandbox. 2020-12-09. developer.apple.com.
  7. Web site: Security of runtime process in iOS and iPadOS. 2021-04-04. Apple Support. en.
  8. Web site: Windows Sandbox. 2018-12-18. 2010-01-07.
  9. Web site: Auto-Sandboxing secure system . 2015-01-30.
  10. Web site: Computer System Security and Access Controls . 1991 . 17 May 2013 . dead . https://web.archive.org/web/20130528005443/http://oreilly.com/catalog/csb/chapter/ch03.html . 28 May 2013 .
  11. Web site: Native Client Sandbox – Untrusted x86 Native Code . 2015-01-03.
  12. https://developer.chrome.com/native-client Welcome to Native Client
  13. Web site: Internet Explorer Team Blog . Defense in Depth: Locking Down Mash-Ups with HTML5 Sandbox . IEBlog. 14 July 2011 .
  14. Web site: Efficient Software-Based Fault Isolation. Wahbe. Robert. 1993.